Our electronic devices store a plethora of sensitive information. To protect this information, device operating systems such as Apple’s iOS and Android have locking mechanisms. These require user authentication before access is granted.
One of the most common mechanisms is fingerprint login, a form of biometric technology first introduced by Apple in 2013 as Touch ID.
Touch ID was introduced with the intuition that, if there was an easier and quicker way to log in, users would be encouraged to keep stronger passcodes and passwords without sacrificing ease of access. It was supposed to enhance both the usability and security of the device.
When first unlocking an iPhone after starting it, users are asked to enter a strong six-digit passcode, instead of a simpler four-digit PIN. After that, Touch ID can be used to unlock the phone, to avoid having to re-enter the password multiple times.
Researchers found that among Touch ID users, the majority still used weak login codes, mainly four-digit PINs (which are easy to guess). This was also true among people who didn’t use Touch ID.